I have a small Windows 2012 domain that includes 3 Win 2008 servers and 8 Windows 2012 servers. None of the 2012 servers have an issue connecting with AD or viewing \\<domain controller>\netlogon or \\<domain controller>\sysvol> in Windows explorer.

If I try to do the same thing from the Win 2008 servers though, I get prompted for a username/password and even with a valid password supplied I get an "Access Denied" error.

I can otherwise ping the domain controllers, access the C: drive via the admin share (c$), users authenticate with no issue. If I manually drill down from the admin share (C$) I can get into the sysvol folders and browse them.

Running gpupdate from a 2008 server generates these messages:

"The processing of group policy failed. Windows attempted to read the file  \\xxx\sysvol\xxx\Policies\{long string}\gpt.ini from a domain controller and was not successful. Group policy settings may not be applied until this event is resolved."

Using windows explorer and \\domain controller\c$, though, from the 2008 server, I can drill down and find that gpt.ini file and open it and edit it if I want.

Running rsop.msc generates the message "Unable to generate RSoP Data. In logging mode, likely causes are group policy has never successfully processed for the computer or user, RSoP logging was never enabled, or data is corrupt. In planning mode, verify that the selected domain controllers supports RSoP"

Running rsop.msc from any 2012 server runs without problem however, so it appears the domain controllers support it.

I'm stumped - any suggestions?

Paul

• Edited by PaulGreene 3 hours 44 minutes ago